LinkedIn post - ERM Presentation
- 1. (Company Name)Enterprise Risk Management Seminar Facilitated by Jabulani Mbengo (Head Internal Audit) Date: 12 April 2014
- 2. SEMINAR OBJECTIVES • Understand the concept of Enterprise Risk Management • Appreciate the benefits of Effective Risk Management • Understand pressures for adopting Effective Risk Management • Identify appropriate structure for Effective Risk Management • Profile potential risks facing the Company • Understanding current controls in place • Propose additional responses to mitigate identified risks
- 3. INTRODUCTION AIG, once considered “too big to fail” had to be bailed out by the US government (Why – because they did not identify and manage product and strategic risks) The disappearance of Flight MH370 of Malasia, who could have thought a plane can disappear with trace? The Westgate terrorist saga in Kenya in 2013 (Security risk)
- 4. DEFINITION OF ENTERPRISE RISK MANAGEMENT “… a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.” COSO Identify potential Events that may affect the company Manage risks within the company’s risk appetite Provide reasonable assurance of how risks are being managed
- 5. Benefits of ERM Greater likelihood of achieving company objectives; Consolidated reporting of disparate risks at board level; Improved understanding of the key risks and their wider implications; Identification and sharing of cross business risks; Greater management focus on the issues that really matter; Fewer surprises or crises; More focus internally on doing the right things in the right way; Increased likelihood of change initiatives being achieved; Capability to take on greater risk for greater reward More informed risk-taking and decision-making.
- 6. PRESSURES FOR EFFECTIVE RISK MANAGEMENT IN ORGANISATIONS
- 8. WHY INSURANCE COMPANY BECOME INSOLVENT? (This is USA statistics)
- 9. THE ACTIVITIES INCLUDED IN ERM Articulating and communicating the objectives of the organisation; Determining the risk appetite of the organisation; Establishing an appropriate internal environment, including a risk management framework; Identifying potential threats to the achievement of the objectives; Assessing the risk i.e. the impact and likelihood of the threat occurring; Selecting and implementing responses to the risks; Undertaking control and other response activities; Communicating information on risks in a consistent manner at all levels in the organisation; Centrally monitoring and coordinating the risk management processes and the outcomes, and Providing assurance on the effectiveness with which risks are managed.
- 10. EFFECTIVE STRUCTURE OF ERM Board Chief Executive Officer/ Managing Director/General Manager Management Risk Committee Chief Risk Officer/ERM Champion Board Risk Committee
- 11. INTERNAL AUDIT ROLES IN RISK MANAGEMENT
- 12. WHAT IS RISK ASSESSMENT? A risk assessment is simply a careful examination of what, in your work, could go wrong to cause harm to people, and the organization, so that you can weigh up whether you have taken enough precautions or should do more to prevent harm A risk assessment is an important step in protecting your workers and your business, as well as complying with the law. It helps you focus on the risks that really matter in your workplace – the ones with the potential to cause real harm
- 13. OUR TASK TODAY We need to be able to complete the following Total Risk Profiling table- terms are described in the following slides Risk No Vulnerabi lity Trigg er Consequen ces Severity Probability/Likeli hood Current Controls /Management actions to Improve
- 14. EXPLAINING TERMS IN THE TOTAL RISK PROFILING TABLE Terms Vulnerability This is the ‘what’, and the ‘where’ This column describes the inherent potential vulnerability in the enterprise being analyzed We need to identify all risks that can negatively impact on FICO Trigger: The ‘how’ or the ‘why’ Describes the failure or initiating that triggers an unintended release of the threat or development of the weakness described in the ‘vulnerability’ column Consequences The ‘how bad’ or the ‘how big’ This column describes the nature and magnitude of the consequences which result from the unintended release of the threat or development of the weakness described in the vulnerability and trigger columns
- 15. EXPLAINING TERMS IN THE TOTAL RISK PROFILING TABLE…. SEVERITY LEVEL DEFINITION I Catastrophic Threatens viability of the business II Critical Serious damage to financial condition, reputation or ability to meet business objectives III Significant Limits ability to operate within budgets and achieve business development and financial targets IV Marginal Minor impact
- 16. EXPLAINING TERMS IN THE TOTAL RISK PROFILING TABLE…. PROBABILITY LEVEL DEFINITION A Very High It will happen soon Often experienced or likely to occur frequently B High It will happen sooner or later Several times experienced or occurring C Occasional It can happen sooner or later Sometimes experienced or occurring D Low It is expected to happen one day Maybe experienced or occurring E Very Low It is not expected but can happen Unlikely to be experienced or to occur F Almost impossible Theoretically possible Theoretically impossible
- 17. KEY FOCUS AREAS Strategic Risk Insurance Risk Operational Risk Credit and Investment Risk Financial Risk